The Nomad cross-chain bridge hack was one of the biggest cryptocurrency hacks in recent history with the loss of over $190 million worth of digital assets. It was branded as one of the most chaotic hacks to have ever happened on the web 3.0.
The Nomad chain exploit happened because of a flaw in the smart contract. This drove hundreds of users with no prior technical knowledge to find a transaction that worked, replace the target address with their own and broadcast it. They were basically copying the the original hacker’s steps. The nature of the whole event made FatMan, an anonymous Terra researcher, to name the attack “the first decentralized robbery”.
Nomad’s team later confirmed that some of the users who raked in funds from the smart contract exploit did so to prevent the crypto from falling into the wrong hands. Nomad then pleaded for white hat hackers and ethical researchers to return the tokens.
Blockchain Security firm, Peckshield, has however confirmed the recovery of $9 million worth of digital assets to the cross-chain bridge. The company’s findings showed that majority of the funds were returned as USDC stablecoin followed by USDT and then other altcoins.
Peckshield noted that 3.78 million USDC, 2 million USDT, 15.8 million CQT ($1.38 million), $1.28 million FRAX ($1.2 million), 100 ETH ($164k), 200 WETH ( $328k) were recovered. However, more than 50% of the stolen funds still sit on three main addresses.
The Nomad cross-chain hack came just a few days after Nomad announced that they had received $22.4 Million in a seed round from crypto industry giants like Coinbase Ventures, OpenSea, CryptoCom Capital, Polygon, Gnosis, Polygon, etc. The Nomad team is working closely with TRM Labs, a leading intelligence firm, and law enforcement agents to track and recover their stolen funds.
As investigations continue, reports about a lapse from Nomad has surfaced. Bestbrokers (a crypto analysis group) are claiming that the vulnerability which the hacker exploited was mentioned in a Security Audit Report done by Quanstamp on 6th June 2022. At that time, Nomad deemed the vulnerability as a low risk and even responded by saying that they consider it to be reasonably impossible to find the preimage of the empty leaf.
Featured Image Source: www.cryptopotato.com